FreeRadius Notes: difference between revisions
From noname.com.ua
Sirmax (talk | contribs)
Строка 3: | Строка 3: | ||
* https://shop.nag.ru/article/ericsson-smartedge-freeradius-billing |
* https://shop.nag.ru/article/ericsson-smartedge-freeradius-billing |
||
* https://code.google.com/archive/p/cakebilling/wikis/ConfiguringFreeRadius.wiki |
* https://code.google.com/archive/p/cakebilling/wikis/ConfiguringFreeRadius.wiki |
||
+ | |||
+ | =Минимальный рабочий конфиг= |
||
+ | Тут чертовски важен порядок модулей - если переставить местами pap/files то получится что pap не сможет получить пароль |
||
+ | <BR> |
||
+ | По сути тут логика такая |
||
+ | * Пришел пользователь |
||
+ | * |
||
+ | <PRE> |
||
+ | server default { |
||
+ | listen { |
||
+ | type = auth |
||
+ | ipv4addr = * |
||
+ | port = 1812 |
||
+ | limit { |
||
+ | max_connections = 16 |
||
+ | lifetime = 0 |
||
+ | idle_timeout = 30 |
||
+ | } |
||
+ | } |
||
+ | |||
+ | listen { |
||
+ | ipv4addr = * |
||
+ | port = 1813 |
||
+ | type = acct |
||
+ | } |
||
+ | |||
+ | |||
+ | instantiate { |
||
+ | exec |
||
+ | expr |
||
+ | expiration |
||
+ | } |
||
+ | |||
+ | authorize { |
||
+ | files |
||
+ | pap |
||
+ | } |
||
+ | |||
+ | authenticate { |
||
+ | Auth-Type PAP { |
||
+ | pap |
||
+ | } |
||
+ | } |
||
+ | } # end of SERVER |
||
+ | </PRE> |
||
+ | |||
+ | <PRE> |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) Received Access-Request Id 51 from 127.0.0.1:54599 to 127.0.0.1:1812 length 73 |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) User-Name = "bob" |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) User-Password = "hello" |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) NAS-IP-Address = 10.90.1.213 |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) NAS-Port = 0 |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) Message-Authenticator = 0xa051e8612e62faaa98baa723ceb98219 |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) session-state: No State attribute |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) authorize { |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authorize]: calling files (rlm_files) |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) files: users: Matched entry bob at line 4 |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: FROM 1 TO 0 MAX 1 |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: Examining Reply-Message |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: Hello, %{User-Name} |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: Parsed xlat tree: |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: literal --> Hello, |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: attribute --> User-Name |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) files: EXPAND Hello, %{User-Name} |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) files: --> Hello, bob |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: APPENDING Reply-Message FROM 0 TO 0 |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: TO in 0 out 0 |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authorize]: returned from files (rlm_files) |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) [files] = ok |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authorize]: calling pap (rlm_pap) |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authorize]: returned from pap (rlm_pap) |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) [pap] = updated |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) } # authorize = updated |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) Found Auth-Type = PAP |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) Auth-Type PAP { |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authenticate]: calling pap (rlm_pap) |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) pap: Login attempt with password "hello" (5) |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) pap: Comparing with "known good" Cleartext-Password "hello" (5) |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) pap: User authenticated successfully |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authenticate]: returned from pap (rlm_pap) |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) [pap] = ok |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) } # Auth-Type PAP = ok |
||
+ | Fri Jul 14 18:07:17 2023 : ERROR: (0) Cannot proxy packets unless 'proxy_requests = yes' |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) Empty post-auth section in virtual server "default". Using default return values. |
||
+ | Fri Jul 14 18:07:17 2023 : Auth: (0) Login OK: [bob/hello] (from client localhost port 0) |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) Sent Access-Accept Id 51 from 127.0.0.1:1812 to 127.0.0.1:54599 length 32 |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) Reply-Message = "Hello, bob" |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: (0) Finished request |
||
+ | Fri Jul 14 18:07:17 2023 : Debug: Waking up in 4.9 seconds. |
||
+ | </PRe> |
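Review bot: the logic walkthrough added after "По сути тут логика такая" is unfinished: the bullet "* Пришел пользователь" is followed by an empty "*" line, so the note never says what files and pap each do, and that is exactly what the ordering warning depends on. Finish the list using the steps the debug capture already shows: files matches the entry for bob, pap in authorize returns "updated" and Auth-Type = PAP is found, then pap in authenticate compares the password. Two smaller points: the log block is opened with "<PRE>" but closed with "</PRe>", so use the same case for both tags; and the capture prints User-Password = "hello" and "Login OK: [bob/hello]" in clear text and ends with an unexplained "ERROR: (0) Cannot proxy packets unless 'proxy_requests = yes'", so add a sentence saying that bob/hello is a test account and why that error appears in a config described as working.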
Revision as of 20:07, 14 July 2023
This is just a collection of links and notes
- https://shop.nag.ru/article/ericsson-smartedge-freeradius-billing
- https://code.google.com/archive/p/cakebilling/wikis/ConfiguringFreeRadius.wiki
Minimal working config
Module order is damn important here: if you swap pap and files, pap will not be able to get the password
The logic here is essentially as follows
- A user arrives
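server default {
    listen {
        type = auth
        ipv4addr = *
        port = 1812
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }

    listen {
        ipv4addr = *
        port = 1813
        type = acct
    }

    instantiate {
        exec
        expr
        expiration
    }

    authorize {
        # files runs first: it matches the user entry and supplies the known-good password
        files
        # pap runs second: with the password available, Auth-Type = PAP is selected
        pap
    }

    authenticate {
        Auth-Type PAP {
            pap
        }
    }
} # end of SERVER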
Fri Jul 14 18:07:17 2023 : Debug: (0) Received Access-Request Id 51 from 127.0.0.1:54599 to 127.0.0.1:1812 length 73
Fri Jul 14 18:07:17 2023 : Debug: (0) User-Name = "bob"
Fri Jul 14 18:07:17 2023 : Debug: (0) User-Password = "hello"
Fri Jul 14 18:07:17 2023 : Debug: (0) NAS-IP-Address = 10.90.1.213
Fri Jul 14 18:07:17 2023 : Debug: (0) NAS-Port = 0
Fri Jul 14 18:07:17 2023 : Debug: (0) Message-Authenticator = 0xa051e8612e62faaa98baa723ceb98219
Fri Jul 14 18:07:17 2023 : Debug: (0) session-state: No State attribute
Fri Jul 14 18:07:17 2023 : Debug: (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
Fri Jul 14 18:07:17 2023 : Debug: (0) authorize {
Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authorize]: calling files (rlm_files)
Fri Jul 14 18:07:17 2023 : Debug: (0) files: users: Matched entry bob at line 4
Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: FROM 1 TO 0 MAX 1
Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: Examining Reply-Message
Fri Jul 14 18:07:17 2023 : Debug: Hello, %{User-Name}
Fri Jul 14 18:07:17 2023 : Debug: Parsed xlat tree:
Fri Jul 14 18:07:17 2023 : Debug: literal --> Hello,
Fri Jul 14 18:07:17 2023 : Debug: attribute --> User-Name
Fri Jul 14 18:07:17 2023 : Debug: (0) files: EXPAND Hello, %{User-Name}
Fri Jul 14 18:07:17 2023 : Debug: (0) files: --> Hello, bob
Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: APPENDING Reply-Message FROM 0 TO 0
Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: TO in 0 out 0
Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authorize]: returned from files (rlm_files)
Fri Jul 14 18:07:17 2023 : Debug: (0) [files] = ok
Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authorize]: calling pap (rlm_pap)
Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authorize]: returned from pap (rlm_pap)
Fri Jul 14 18:07:17 2023 : Debug: (0) [pap] = updated
Fri Jul 14 18:07:17 2023 : Debug: (0) } # authorize = updated
Fri Jul 14 18:07:17 2023 : Debug: (0) Found Auth-Type = PAP
Fri Jul 14 18:07:17 2023 : Debug: (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
Fri Jul 14 18:07:17 2023 : Debug: (0) Auth-Type PAP {
Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authenticate]: calling pap (rlm_pap)
Fri Jul 14 18:07:17 2023 : Debug: (0) pap: Login attempt with password "hello" (5)
Fri Jul 14 18:07:17 2023 : Debug: (0) pap: Comparing with "known good" Cleartext-Password "hello" (5)
Fri Jul 14 18:07:17 2023 : Debug: (0) pap: User authenticated successfully
Fri Jul 14 18:07:17 2023 : Debug: (0) modsingle[authenticate]: returned from pap (rlm_pap)
Fri Jul 14 18:07:17 2023 : Debug: (0) [pap] = ok
Fri Jul 14 18:07:17 2023 : Debug: (0) } # Auth-Type PAP = ok
Fri Jul 14 18:07:17 2023 : ERROR: (0) Cannot proxy packets unless 'proxy_requests = yes'
Fri Jul 14 18:07:17 2023 : Debug: (0) Empty post-auth section in virtual server "default". Using default return values.
Fri Jul 14 18:07:17 2023 : Auth: (0) Login OK: [bob/hello] (from client localhost port 0)
Fri Jul 14 18:07:17 2023 : Debug: (0) Sent Access-Accept Id 51 from 127.0.0.1:1812 to 127.0.0.1:54599 length 32
Fri Jul 14 18:07:17 2023 : Debug: (0) Reply-Message = "Hello, bob"
Fri Jul 14 18:07:17 2023 : Debug: (0) Finished request
Fri Jul 14 18:07:17 2023 : Debug: Waking up in 4.9 seconds.
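The ordering rule from the note above (files before pap in authorize) can be checked mechanically before a config is deployed. This is an added example, not part of the original notes and not FreeRADIUS code: a small Python linter that reads the authorize section and reports when pap is listed before the module that supplies the password. The names PASSWORD_SOURCES, section_modules and check_pap_order are hypothetical; the sample is a trimmed copy of the page's config plus a constructed variant with the two entries swapped.

```python
import re

# Assumption: modules that load the "known good" password (this page only uses files).
PASSWORD_SOURCES = {"files"}

# Trimmed copy of the page's virtual server, plus a constructed swapped variant.
PAGE_CONFIG = """
server default {
    authorize {
        files
        pap
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
    }
}  # end of SERVER
"""
SWAPPED_CONFIG = PAGE_CONFIG.replace("files\n        pap", "pap\n        files")

def section_modules(config, section):
    """Return every word inside `section { ... }`, in order, nested blocks included."""
    tokens = re.findall(r"[{}]|[^\s{}]+", re.sub(r"#.*", "", config))
    for i in range(len(tokens) - 1):
        if tokens[i] == section and tokens[i + 1] == "{":
            depth, words = 1, []
            for tok in tokens[i + 2:]:
                if tok == "{":
                    depth += 1
                elif tok == "}":
                    depth -= 1
                    if depth == 0:
                        return words
                else:
                    words.append(tok)
    return []  # section missing or braces unbalanced

def check_pap_order(config):
    """Return findings about where pap sits relative to the password sources."""
    mods = section_modules(config, "authorize")
    if "pap" not in mods:
        return ["authorize: pap is not listed"]
    pap_at = mods.index("pap")
    late = [m for m in mods[pap_at + 1:] if m in PASSWORD_SOURCES]
    findings = [f"authorize: '{m}' is listed after 'pap'" for m in late]
    if not late and not PASSWORD_SOURCES.intersection(mods[:pap_at]):
        findings.append("authorize: no password source is listed before 'pap'")
    return findings
```

check_pap_order(PAGE_CONFIG) returns an empty list, while the swapped variant yields one finding naming files.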